CBS This Morning

Opinion: Cyber Conflict in the Oval Office

Finally, at long last, cybersecurity and cyberwarfare got
the election year attention they deserve in Monday’s first presidential debate.
Whether the candidates’ remarks inspired confidence, however, is a debatable
question in itself.

It’s become a cliché in corporate America to say cybersecurity has mushroomed from an IT worry to a boardroom priority. Now the same
is true in government: cyber security has become a key leadership issue. The
next president will be forced up a steep learning curve.

“Our institutions are under cyberattack, and our secrets are
being stolen,” said debate moderator Lester Holt. “So my question is, who’s
behind it? And how do we fight it?”

Hillary Clinton called out Russia’s Vladimir Putin. “Putin is playing a really tough, long
game here,” she said. “We are not going to sit idly by and permit state actors
to go after our information… And we’re going to have to make it clear that we
don’t want to use the kinds of tools that we have. We don’t want to engage in a
different kind of warfare.”

But it is not just
major state actors laying siege to U.S. interests. It is an encyclopedia of
governments, freelance proxies, hacktivists, crooks, and chaos agents. And the
country, not to mention the next president, has no choice but to fight in
cyberspace. It is a new sphere of unceasing conflict.

The lawless landscape, plus the probability of more, and
more ruinous, attacks on US interests, will pose an unprecedented leadership
challenge for President Obama’s successor.

More cyberattacks are probable. Some future assaults will
likely be designed to cause more public chaos. In the global underground
economy run by computer criminals​, all the technology required to take a
crippling shot at transit systems – or the energy grid, air traffic control,
financial networks, health systems, even the food supply chain – is for sale.
Modest villains can get their hands on high-quality cyber munitions. A successful
attack on infrastructure would likely have obvious immediate fallout, with many
citizens inconvenienced or even endangered.

No prior commander-in-chief has been put in this position.

We know enough about nuclear, chemical, and bio weapons to extrapolate
detailed war scenarios. For them we have doctrines and even governing
protocols. Cyber weapons are more difficult to manage: they evolve more
rapidly, and we draw on far less real-world experience. If an enemy disables
civilian targets using cyber, can the U.S. retaliate in like-for-like manner
without escalating the conflict? Should it even try?

Amid public protest, a president might be tempted into rapid
reprisal. But attribution is among the most complex aspects of cyber warfare.
Digital forensic work can suggest a perpetrator, but not usually with certitude.
A level-headed attacker naturally wants to implicate some other party, so false
flags and red herrings often litter the attack scene. (This marks a profound
difference from nuclear strategy or conventional terrorism, where proven
techniques can source an incoming missile or trace a bomb’s origin.) We can imagine
a bit player terror group seeking to pit nation-states against one another with
cyber aggression that appears to come from those countries.

Pinpointing blame for a cyberattack takes a blend of cutting-edge
digital forensics, traditional intelligence, ever-better defensive
technologies, and more robust public-private cooperation​ including threat
intelligence sharing. Conflict managers in the public sector will be wise to
have all available resources collaborate on attribution and response design – while
deflecting public clamor for quick revenge.

The U.S. and key allies hold regular cyber war games​. Since
2010 NATO’s Cooperative Cyber Defense Centre of Excellence has run Locked
Shields, an annual exercise in which the fictional Berylia comes under cyber
fire, often from rival Crimsonia. But Locked Shields participants tend to be veteran security experts. The time
has come to put political leaders in the thick of things too – because if and
when a serious attack occurs, it is they who will make cyber policy on the fly.
The experts will execute their orders.

One irony of cyber warfare is that cyber weapons in rational
hands can be precise and efficient. Offensive cyber weapons can be programmed
to focus on an intended target. In
some ways, they are the ultimate precision ordinance – at least in theory. (Bugs
or code errors could still send a weapon awry.)

All are points to ponder
for any head of state entering unmapped territory where needed norms or
precedents do not exist.

Odds are fair that the next president will lead the United
States through a high-visibility cyber conflict – working with intelligence and
private assets to limit damage, directing quick recovery, and considering a
response that does not prompt unwanted escalation. The executive playbook should draw on recommendations from many sources,
inside and outside of government. To respond to a catastrophic cyberattack,
the president will have to sift everything – and make history in real time.